The 2024 AML/CTF Conference for Specialised PFS offered deep insights into the challenges and best practices in anti-money laundering and counter-terrorist financing. 

These following areas have been identified as presenting the most common findings from both onsite inspections and off-site investigations : 

  • Name screening process;
  • Transaction monitoring;
  • Client risk assessment;
  • RC report;
  • Cooperation with authorities.

Name Screening Process

The name screening process emerged as a pivotal area with common challenges such as :

  • All the parties connected to a client’s relationship have not been recorded;
  • Some recorded parties have not been linked to the respective clients;
  • Delays in updating the database with new records;
  • Delays in addressing alerts and unresolved hits;
  • Four-eyes principle has not been applied to the analysis of alerts;
  • Lack of adequate supervision when name screening tasks are outsourced;
  • Analysis have not been sufficiently formalized;
  • Lack of checks on the timely incorporation of Terrorist Financing Sanctions (TFS) lists in the screening tool.

The following best practices have been reminded by the CSSF :

  • Maintain a comprehensive database as mandated by Article 39(2) of the CSSF Regulation N° 12-02;
  • Conduct screenings daily or coinciding with the release of TFS lists.
    The article 33(1)of CSSF Regulation N° 12-02 mentions that the screening has to be made « without delay »;
  • Address alerts immediately as stipulated in Article 33 of the CSSF Regulation N° 12-02;
  • Implement the four-eyes principle for data entry into the database and the processing of alerts (both false and genuine);
  • Systematically formalize and document the analysis process as per Article 39(3) of the CSSF Regulation N° 12-02;
  • Routinely verify the screening tool’s functionality to ensure its proper operation;
  • Ensure that the management of false alerts is overseen when name screening responsibilities are outsourced.

Transaction Monitoring

The following issues have been identified by the CSSF :

  • Lack of transaction monitoring procedures;
  • Unclear understanding of client transaction purposes and underlying reasons;
  • Inadequate focus on scrutinizing complex and exceptionally large transactions;
  • Failure of staff to execute coherence checks or to identify warning signs;
  • Non-application of the four-eyes principle in monitoring and analysis;
  • Lack or inadequacy of formalization and documentation for transaction analysis.

The following best practices have been reminded by the CSSF :

  • Execute transaction monitoring as outlined in Article 3(2)(d) of the AML/CFT Law;
  • Enhance critical thinking skills and carry out coherence checks to ensure transaction integrity;
  • Offer tailored AML/CFT training for staff and management, focusing on specific activities, typologies, awareness of red flags, and case studies, in accordance with Article 4(2) of the AML/CFT Law and Article 46 of the CSSF Regulation N° 12-02;
  • Implement the four-eyes principle in the oversight of transaction monitoring to bolster scrutiny and accuracy;
  • Systematically formalize and document the transaction analysis process, as required by Article 39(3) of the CSSF Regulation N° 12-02.

Client Risk Assessment

The following issues have been identified by the CSSF :

  • The coverage of risk factors as specified in Article 3(2a) of the AML/CFT Law is incomplete, failing to fully encompass customer types, geographic locations, products, services, transaction types, and delivery channels;
  • Misclassification of client risks results in inadequate due diligence actions and incorrect intervals for reviewing client files;
  • There is a lack or deficiency in the formalization of the risk analysis process.

The following best practices have been reminded by the CSSF :

  • Ensure comprehensive consideration of all risk factors outlined in the AML/CFT Law;
  • Accurately assign risk ratings to clients to reflect their true risk level;
  • Adjust due diligence efforts and the frequency of client file reviews to match the assessed risk rating of each client;
  • Prioritize and allocate more resources towards managing high-risk clients;
  • Properly formalize and document the risk analysis process to enhance clarity, consistency, and compliance.

RC Report

The following issues have been identified by the CSSF :

  • The RC report contains insufficiently detailed information;
  • The RC report does not contain all the requested points.

To address these deficiencies the CSSF reminds that, when formalizing its summary report, the RC shall consider all the elements mentioned in the : 

  • Article 42(5) of CSSF Regulation n°12-02 as amended;
  • Point 50 of the EBA guidelines EBA/GL/2022/05.

Cooperation Requirements

The following issues have been identified by the FATF:

  • There are low number of reports filed;

  • A large proportion of reports are driven by adverse media hits with not proper analysis to establish if there are grounds for suspicion before filing the report.

To address these issues the CSSF reminds that : 

  • You have to feel free to submit a report to the FIU whenever necessary;

  • However, ensure that your reports are substantive and provide value to the FIU, rather than submitting them without substantial reason.

Useful links

Discover our AML/CTF services

Discover our other publications :

Circulaire CSSF

Circulaire CSSF 24/850

Circulaire applicable aux PSF de support. Nouvelles règles pratiques relatives au rapport descriptif et introduction d’un questionnaire d’auto-évaluation.

En savoir plus
Circulaire CSSF

CSSF Circular 24/847

The CSSF Circular 24/847 establishes a new ICT-related incident reporting system with the goal of obtaining a more comprehensive and organized understanding of the characteristics, occurrence rate, importance, and consequences of ICT-related incidents.

En savoir plus
fr_FRFrench